Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #7497
shape_stringify
should return a string, that's why i did #7463, but should not be marked to be encoded again as it is the representation of a shape, so normally already encodedE.g.
shape_render
return anHtmlContentValue
holding aViewBuffer
whoseWriteTo()
doesn't encode againI think there are other filters that wrongly return a string marked to be encoded, i'm thinking about those that generate urls, maybe currently it works because the browser is aware of this and html decodes them before url encoding them.
Update:
So the filters that would need to return a string no to be html encoded aqain, are those that return a string that is intended to be already encoded, or intended to be encoded differently, e.g. url encoded for an url in an
href
.Seems okay for filters that generate urls as the strings are first url encoded by the filters, so most of the time html encoding an url encoded string does nothing, maybe not in all cases but again seems that the browser is aware of this.
Notice that for urls sometimes we want to also display them as texts, so here we would need strings that are not url encoded but only html encoded, but we would need 2 sets of filters, one for links and one for display values ;)
But there are other candidates, that would need to not mark their
StringValue
to be encoded again, as thesanitize_html
andmarkdownify
filters and so on, so that we don't need to add on them a| raw
filter.